#!/bin/bash

mkdir new_certz
touch root-ca.index
touch root-ca.index.attr
echo 00 > root-ca.crlnum
openssl rand -hex 16 > root-ca.serial

# Create signing request for the client
openssl req -config client.config -new -sha256 -newkey rsa:2048 -nodes \
    -keyout client-key.pem -days 365 -out client-request.pem

# Create signed certificate for the client
openssl ca -config client.config -batch -days 365 -extensions client_ext -out client-cert.pem -infiles client-request.pem
